Firewalla Target Lists: Simplify Complex Policies
In case you are working with Firewalla services such as "Rules" or "Smart Queue", and at times you may want to operate on multiple destinations (IP or domain addresses). To do this efficiently, you can use the Firewalla Target List.
Firewalla Target Lists are sets of targets defined by domain (exact or all subdomains) or IP (exact or range). You can use Target Lists to create rules or prioritize several targets at once, making it easy to organize similar policies.
- Block online games using a custom Target List
- Block iCloud Private Relay using a pre-defined Target List
- Prioritize traffic
- Mute Alarms based on a Target List
How do I use Firewalla Target Lists?
Login to Firewalla Web, click Target List on the left side, and you'll see a list of pre-built target Lists owned by Firewalla:
- Apple Private Relay – a list of Apple's Private Relay servers
- Crypto List – a list of known cryptocurrency mining sites
- DShield Block List – a collaboratively created list of cyber threats
- DoH Services (beta) – a list of well-knwon DoH servers
- OISD – a list of risky sites or sites that have unwanted content
- Tor Exit Nodes – a list of gateways between Tor encrypted traffic and the Internet
- Tor Full Nodes – a list of all Tor nodes
- Log4j Attackers – a list of known log4j attackers
To create a custom Target List, click the + Create Target List button in the top right corner. Enter a name for your list, assign it a category, enter your targets, then click Create Target List to save.
(Wildcard domains need to add *.domain.com, this is different than the Firewalla rules domain, which is wildcard by default.)
Updating Target Lists from the Firewalla App
Although you will still need to use the Firewalla web interface to manage your Target Lists, you can quickly add a domain or an IP address from a flow or an alarm to a Target List you've created.
- Tap on the flow or alarm, then scroll down to its IP address or domain
- Tap Add to Target List
- Select which Target List you want to update, then tap Add
Tutorial: Blocking a Specific Game
If you want to block one specific game on your network but still allow casual gaming, you can use Target Lists to do just that. (This may not be for everyone– you may need to research what IPs/domains your specific game uses.)
First, create a Target List with the IP addresses of the game servers you want to block. For a list of the IP addresses used by "Valorant" and "League of Legends", see our tutorial here.
Then, create a rule that blocks access to the designated Target List:
- Action: Block
- Matching: the Target List you just created
- On: the device you want to block
- Schedule: always, or whatever schedule you'd like to set
Mute Alarms Matching a Target List
If you want to mute alarms from a list of IPs used by Ring services but don't want to create mute settings for each IP individually, you can create a Target List of those IPs and selectively mute alarms related to those IPs. Create your Target List, then configure your alarm settings.
- Alarms -> Alarm Settings
- Choose an alarm category -> Mute
- Tap Add Target List and select the Target List you created
- Apply the mute setting to the devices you want to mute the alarm for
What are the limits on Target Lists?
Managing Target Lists is a web-only function, meaning you can't create, delete, or do complex editing on Target Lists from the Firewalla mobile app. Managing lists is a complex process, and mistakes can take time to debug. On Firewalla Web, we support up to 200 Target Lists with up to 200 targets. On Firewalla MSP, we support up to 200 Target Lists with up to 2000 targets.
This is part of our Firewalla Weekly Newsletter. You can sign up here https://firewalla.com/weekly.